31 CFR § 1.22 - Requirements relating to systems of records.

CFR
Table of Popular Names

§ 1.22 Requirements relating to systems of records.

(a) In general. Subject to 5 U.S.C. 552a(j) and (k) and § 1.23(c), each component shall, in conformance with the Privacy Act:

(1) Maintain in its records only such information about an individual as is relevant and necessary to accomplish a purpose of the agency required to be accomplished by the statute or by Executive order of the President. (See 5 U.S.C. 552a(e)(1).)

(2) Collect information to the greatest extent practicable directly from the subject individual when the information may result in adverse determinations about an individual's rights, benefits, and privileges under Federal programs. (See 5 U.S.C. 552a(e)(2).)

(b) Requests for information from individuals. Subject to 5 U.S.C. 552a(j) and § 1.23(c)(1), each component of the Treasury shall inform each individual whom it asks to supply information, on the form which it uses to collect the information or on a separate form that can be retained by the individual:

(1) The authority (whether granted by statute, or by Executive order of the President) which authorizes the solicitation of the information and whether disclosure of such information is mandatory or voluntary;

(2) The principal purpose or purposes for which the information is intended to be used;

(3) The routine uses which may be made of the information, as published pursuant to 5 U.S.C. 552a(e)(4)(D); and

(4) The effects on such individual, if any, of not providing all or any part of the requested information. (See 5 U.S.C. 552a(e)(3).)

(c) Report on new systems. Each component of the Treasury shall provide adequate advance notice to Congress and the Office of Management and Budget's (OMB) Office of Information and Regulatory Affairs (OIRA) any proposal to establish or alter any system of records in order to permit an evaluation of the probable or potential effect of such proposal on the privacy and other personal or property rights of individuals or the disclosure of information relating to such individuals, and its effect on the preservation of the constitutional principles of federalism and separation of powers. (See 5 U.S.C. 552a(o).)

(d) Accurate and secure maintenance of records. Each component shall:

(1) Subject to 5 U.S.C. 552a(j) and § 1.23(c)(1), maintain all records which are used in making any determination about any individual with such accuracy, relevance, timeliness, and completeness as is reasonably necessary to assure fairness to the individual in the determination (see 5 U.S.C. 552a(e)(5));

(2) Prior to disseminating any record about an individual to any person other than an agency, unless the dissemination is made pursuant to the Privacy Act (see subpart A of this part), make reasonable efforts to assure that such records are accurate, complete, timely, and relevant for Department of the Treasury purposes (see 5 U.S.C. 552a(e)(6)); and

(3) Establish appropriate administrative, technical, and physical safeguards to insure the security and confidentiality of records and to protect against any anticipated threats or hazards to their security or integrity which could result in substantial harm, embarrassment, inconvenience, or unfairness to any individual on whom information is maintained. (See 5 U.S.C. 552a(e)(10).)

(i) System managers, with the approval of the head of their offices within a component, shall establish administrative and physical controls, consistent with Department regulations in this part, to insure the protection of records systems from unauthorized access or disclosure and from physical damage or destruction. The controls instituted shall be proportional to the degree of sensitivity of the records but at a minimum must insure that records other than those available to the general public under the Freedom of Information Act (5 U.S.C. 552), are protected from public view, that the area in which the records are stored is supervised during all business hours and physically secure during nonbusiness hours to prevent unauthorized personnel from obtaining access to the records. Automated systems shall comply with the security standards promulgated by the National Institute of Standards and Technology (NIST).

(ii) System managers, with the approval of the head of their offices within a component, shall adopt access restrictions to insure that access to the records is limited to those individuals within the agency who have a need to access the records in order to perform their duties. Procedures shall also be adopted to prevent accidental access to, or dissemination of, records.

(e) Prohibition against maintenance of records concerning First Amendment rights. No component shall maintain a record describing how any individual exercises rights guaranteed by the First Amendment (e.g., speech), unless the maintenance of such record is:

(1) Expressly authorized by statute; or

(2) Expressly authorized by the individual about whom the record is maintained; or

(3) Pertinent to and within the scope of an authorized law enforcement activity. (See 5 U.S.C. 552a(e)(7).)

(f) Notification of disclosure under compulsory legal process. Subject to 5 U.S.C. 552a(j) and § 1.23(c)(1), when records concerning an individual are subpoenaed by a Grand Jury, Court, or quasi-judicial agency, or disclosed in accordance with an ex parte court order pursuant to 26 U.S.C. 6103(i), the official served with the subpoena or court order shall make reasonable efforts to assure that notice of any disclosure is provided to the individual. Notice shall be provided within five working days of making the records available under compulsory legal process or, in the case of a Grand Jury subpoena or an ex parte order, within five days of its becoming a matter of public record. Notice shall be mailed to the last known address of the individual and shall contain the following information: the date and authority to which the subpoena is, or was returnable, or the date of and court issuing the ex parte order, the name and number of the case or proceeding, and the nature of the information sought and provided. Notice of the issuance of a subpoena or an ex parte order is not required if the system of records has been exempted from the notice requirement of 5 U.S.C. 552a(e)(8) and this section, pursuant to 5 U.S.C. 552a(j) and § 1.23(c)(1), by a Notice of Exemption published in the Federal Register. (See 5 U.S.C. 552a(e)(8).)

(g) Emergency disclosure. If information concerning an individual has been disclosed to any person under compelling circumstances affecting health or safety, the individual shall be notified at the last known address within 5 days of the disclosure (excluding Saturdays, Sundays, and legal public holidays). Notification shall include the following information: The nature of the information disclosed, the person or agency to whom it was disclosed, the date of disclosure, and the compelling circumstances justifying the disclosure. Notification shall be given by the officer who made or authorized the disclosure. (See 5 U.S.C. 552a (b)(8).)

Privacy Act

Freedom of Information Act